Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intro to Grouper There’s nothing fishy about Identity Management with Grouper.

Published byNelson Scott Modified over 8 years ago

Similar presentations

Presentation on theme: "Intro to Grouper There’s nothing fishy about Identity Management with Grouper."— Presentation transcript:

1 Intro to Grouper There’s nothing fishy about Identity Management with Grouper

2 What is Grouper ?

3 Grouper in the Identity Ecosystem

4 Grouper (Internet2) Core functionality: – Groups provisioning & de-provisioning engine – Downstream Provisioning Service – Standardized API – Web and Shell front-end – Rich privilege-based access control permits delegated management of groups Key component in Access Management

5 What IS Access Management? In Short: Grant authenticated User A the right to perform Operation B on Resource C according to Policy D

6 Stage 1: Authenticate, provide common attributes Stage 2: Group entities based on Systems of Record Stage 3: Delegate Group and Resource Management Stage 4: Move Access Mgmt decisions from services to central system(s)

7 Stage 1 LDAP CAS Shibboleth Kerberos Mostly solved

8 Stage 2: Groups

9 Grouper: Basics 9 Folders in hierarchies Group Direct members Subgroup Indirect members Composite groups = U April 2012

10 Grouper: Attributes

11 Stage 3: Delegate

12 Grouper delegation 12 Create groups Create subfolders Admin Update membership Read membership View group Opt-in Opt-out Delegation April 2012

13 Stage 4: Centralized Permissions Management

14 Permissions 14 Attributes Roles Permissions Attribute definition Permission definition Role inheritance April 2012

15 Permission Attributes

16 Grouper Components

17 Grouper Loader Grouper’s populating engine Load from LDAP Load from AD Load from SQL (Tables or Views) Write your own import code

18 Grouper Quickstart New version with v2.1. Download the JAR and run Install in under 10 minutes on Linux, OS X (suggest Xcode first) Automatically grabs pieces that it needs (Tomcat, Ant, libraries) Pre-populates example DB

19 Grouper Challenges Documentation is “OK” UI is weak (but being rewritten) Change is quick – could be hard to keep up

20 Why Grouper? Open source, community-driven project of the Internet2 Middleware Initiative – Initial release v0.5 in December 2004 – v2.1 released in 2011 – v2.2 due 2012Q4 Mature code base with at least 20 Higher-Ed contributing sites world-wide Developed By and For Higher-Ed

21 June 2012 Grouper At SFU Rob Urquhart

Download ppt "Intro to Grouper There’s nothing fishy about Identity Management with Grouper."

Similar presentations

Samsung Smart TV is a web-based application running on an application engine installed on digital TVs connected to the Internet.

Samsung Smart TV is a web-based application running on an application engine installed on digital TVs connected to the Internet.
Grouper Training - Admin Loader - Part 1 Chris Hyzer Internet2 University of Pennsylvania This work licensed under a Creative Commons Attribution-NonCommercial.

Grouper Training - Admin Loader - Part 1 Chris Hyzer Internet2 University of Pennsylvania This work licensed under a Creative Commons Attribution-NonCommercial.
Where the sidewalk used to end, privilege management Chris Hyzer University of Pennsylvania.

Where the sidewalk used to end, privilege management Chris Hyzer University of Pennsylvania.
SharePoint 2010 Permissions Keith Tuomi. profile KEITH TUOMI SharePoint Consultant / Developer at itgroove Developing Online Systems since 1991 10 years.

SharePoint 2010 Permissions Keith Tuomi. profile KEITH TUOMI SharePoint Consultant / Developer at itgroove Developing Online Systems since years.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Introduction to Grouper. Open source, community-driven project of the Internet2 Middleware Initiative Initial release v0.5 in December 2004 Grouper originally.

Introduction to Grouper. Open source, community-driven project of the Internet2 Middleware Initiative Initial release v0.5 in December 2004 Grouper originally.
Active Directory at the University of Michigan Data Population and Kerberos Interoperability MaryBeth Stuenkel LAN/NOS/Groupware Services.

Active Directory at the University of Michigan Data Population and Kerberos Interoperability MaryBeth Stuenkel LAN/NOS/Groupware Services.
A Model for Enterprise Group and Affiliation Management RL “Bob” Morgan University of Washington CAMP, June 2005.

A Model for Enterprise Group and Affiliation Management RL “Bob” Morgan University of Washington CAMP, June 2005.
Signet and Grouper for Distributed Attribute Administration

Signet and Grouper for Distributed Attribute Administration
Overview of Active Directory Domain Services Lesson 1.

Overview of Active Directory Domain Services Lesson 1.
Apereo Grouper Seminar Part 2 – Penn and Grouper Chris Hyzer University of Pennsylvania and Internet2.

Apereo Grouper Seminar Part 2 – Penn and Grouper Chris Hyzer University of Pennsylvania and Internet2.
Web Servers Web server software is a product that works with the operating system The server computer can run more than one software product such as e-mail.

Web Servers Web server software is a product that works with the operating system The server computer can run more than one software product such as .
Chris Hyzer University of Pennsylvania

Chris Hyzer University of Pennsylvania
Authorization Scenarios with Signet RL “Bob” Morgan University of Washington Internet2 Member Meeting, September 2004.

Authorization Scenarios with Signet RL “Bob” Morgan University of Washington Internet2 Member Meeting, September 2004.
Introduction to Grouper Part 1: Access Management & Grouper Tom Barton University of Chicago and Internet2 Manager – Grouper Project.

Introduction to Grouper Part 1: Access Management & Grouper Tom Barton University of Chicago and Internet2 Manager – Grouper Project.
I2/NMI Update: Signet, Grouper, & GridShib Tom Barton University of Chicago.

I2/NMI Update: Signet, Grouper, & GridShib Tom Barton University of Chicago.
IAM Online - Grouper Permissions Chris Hyzer University of Pennsylvania / Internet2 September 14, 2011 9/14/20151.

IAM Online - Grouper Permissions Chris Hyzer University of Pennsylvania / Internet2 September 14, /14/20151.
Grouper at the University of Minnesota Christopher A. Bongaarts Grouper Virtual Working Group May 20, 2013.

Grouper at the University of Minnesota Christopher A. Bongaarts Grouper Virtual Working Group May 20, 2013.
Access Management with Grouper Tom Barton University of Chicago.

Access Management with Grouper Tom Barton University of Chicago.
INTEGRATION WITH OTHER IDM SOLUTIONS Remember… The primary goal of KIM was to build a service- oriented abstraction layer for Identity and Access Management.

INTEGRATION WITH OTHER IDM SOLUTIONS Remember… The primary goal of KIM was to build a service- oriented abstraction layer for Identity and Access Management.

Similar presentations

Ads by Google